Posts Tagged ‘Serialization security’

PHP Serialization has a fatal flaw which allows for pollution of the scope and global context of an application, as well as running arbitrary code in some scenarios if sources of taint are allowed in. It is a very high impact attack but requires in-depth evaluation criteria and careful inspection to be caught.
I have prepared a lab to explore and try this attack, available at: